Identity theft and fraud are substantial threats to informational security in today's technological age. As a result, governmental entities must be more and more vigilant in verifying the authenticity of documents being presented, for example, in procuring drivers' licenses and/or other public entitlements. Trust is the key to credentialing. People need to be able to trust the documents presented definitively.
The attacks on the United States of America on Sep. 11, 2001, prompted a review of how governmental entities identify those responding to an incident. For example, can the public trust that the fire fighter and police officer showing up on scene truly have the skills they say they do? How does Incident Command effectively keep unauthorized people from a disaster area, while at the same time account for the activities of authorized people?
In the years following the 2001 attacks, new federal guidelines and initiatives have been developed that have changed the way personnel are managed in disaster situations by laying out the specific procedures and checks to be done to trust the identification presented in a crisis situation. This focus has been increased by the federal government's issuance of four major guidance documents including Homeland Security Presidential Directive (“HSPD-12”), Policy for a Common Identification Standard for Federal Employees and Contractors; Federal Information Processing Standard 201-1 (“FIPS 201”), Personal Identity Verification (“PIV”) of Federal Employees and Contractors; and Department of Health and Human Services—Health Resources and Services Administration—Emergency Systems for Advance Registration of Volunteer Health Professionals (“ESAR-VHP”) Program; Real ID Act of 2005 and subsequent 2007 Guidance from the Department of Homeland Security.
We have learned from other disasters that the term “responder” can encompass a variety of skill sets. For example, the assistance of telecommunications workers and heavy equipment operators became vital in recovering from the devastation caused by Hurricane Katrina. The lessons from the 2001 attacks, Hurricane Katrina, and other disasters indicate that significant improvements are needed in crisis management.
There exists a great deal of historic evidence supporting the need for development of an interoperable network of credentialing systems. It is important to point out the perceived requirement is to develop an interoperable network, and not to establish a federally sponsored, sole-sourced data store system.
Local, regional, and state authorities require an identification system to provide for the advanced and/or acute credentialing of first responders and critical personnel. Given the number of federal agencies working both independently and in concert to develop future standards for the early identification, registration, and credentialing of first responders, the Authority Having Jurisdiction (“AHJ”) also desires the system be configurable to current needs as well as future state and federal requirements. The AHJ is the entity responsible for authenticating identity as well as authentication and validation of professional training and licensure information in the home region or geographic area with which the credentialing candidate is affiliated via his/her primary credentialing classification. The AHJ will determine the level of information necessary to meet for both security and operational requirements. The AHJ should be aware that their current local requirements might be superseded by state or federal regulations in the future. Failure to conform to these regulations may result in the disqualification of locally issued credentials by other regional authorities.
A fundamental truth is that the emergency services community is the most dedicated to its mission, yet with the same passion, is the most tradition-bound. Nowhere is this more noticeable than with the introduction of “technology.” Although tremendous strides have been made over the last twenty years using technology to assist in supporting safer and more effective firefighters, law enforcement officers, EMS professionals etc., they still find themselves resistant to change when something new comes down the pike. One of the latest uses of technology concepts introduced over the last few years involves the push to introduce interoperable credentialing systems.
There exists a great deal of confusion as to what a credential actually is. It is actually easier to define what a credential is not. It is not simply a badge. A badge in its various forms is relatively easy to duplicate. Although it obviously identifies the owner, it offers no guarantees to the accuracy of that identification. This perception is also true in regards to systems for credentialing, resource allocation, and accountability supported by bar code technology including the modern version of that technology referred to as radio frequency identification (RFID). This technology is also easy to duplicate and does not provide for adequate security in relation to both the technology and the technology's ability to support a trusted process.
Government authorities at local, regional, and state levels can issue credentials. Also, large private sector institutions such as hospitals, or even professional associations can issue credentials. However, the credential does not give the credential holder the legal right to perform any action or act on any authority. The credential does offer verified, definitive proof of credential holder's identity, and a record of licenses granted to credential holder, and professional qualifications and/or training certifications that allow a credential holder (e.g., emergency responder) to perform his or her job.